<?php
	session_start();

	include ("connection.php");

	$link = new connection();

	$user = $_POST['user'];
	$password = sha1($_POST['password']);
	$loggedUser = '';

	$query = $link->prepare("SELECT UserId FROM users WHERE Password = ? and Username = ? ;");
	$query->bind_param("ss",$password,$user);
	$query->execute();
	$query->bind_result($loggedUser);
	$query->fetch();
	$query->close();
	mysqli_close($link);

	if ($loggedUser != ''){
		$_SESSION['user']=$loggedUser;

		echo "ok";
	}
	else{
		$_SESSION['errorMsg'] = 'usuario/contrase&ntilde;a incorrecta';

		echo "error";
	}

?>

